The cybersecurity community has reacted with shock and bewilderment at a decision by the US government not to renew MITRE’s contract to manage the Common Vulnerabilities and Exposures (CVE) database.